[Gllug] Forensics On a Cracked Linux Server

Alexandre de Abreu alexandre.abreu at gmail.com
Tue Aug 28 14:41:15 UTC 2007


Pete,

I'd bet on SSH brute-forcing using the root user :)

On 28/08/07, Pete Stean <peteste at googlemail.com> wrote:
>
> I would like to see a bit more speculating on how the server was compromised
> in the first place - what vectors could have been used to infect it for
> instance... ?
>
> Pete
>
>
> On 28/08/07, Alexandre de Abreu <alexandre.abreu at gmail.com> wrote:
> >
> > Hi Pete,
> >
> > Great article, very well detailed, but nothing new. It could be a great
> > paper for GIAC GCIA SANS certification.
> >
> > Cheers
> >
> > Alexandre
> >
> > On 28/08/07, Peter Cannon <peter at cannon-linux.co.uk > wrote:
> > >
> > > Hi All
> > >
> > > I read this post which was originally on slashdot, I have to say I found
> > > it very interesting even if I only understood a quarter of it (Note to
> > > self, you need to learn more). For anyone that has been cracked or
> > > suspect they have been then maybe you should read this, I'm fairly
> > > certain you could use bits and pieces to carry out your own
> > > investigations.
> > >
> > > http://blog.gnist.org/article.php?story=HollidayCracking
> > >
> > > Typically the miscreant can't be caught or at least hasn't been yet I was
> > > hoping it would end up with the guy tracking him down. :-(
> > >
> > > --
> > > Regards
> > >
> > > Peter cannon
> > >
> > > "There is every excuse for not knowing
> > > There is no excuse for not asking"
> > > --
> > > Gllug mailing list  -   Gllug at gllug.org.uk
> > > http://lists.gllug.org.uk/mailman/listinfo/gllug
> > >
> >
> >
> >
> > --
> > Alexandre de Abreu
> >
> >
>
>
> --
> 'In letters of gold, on a snow-white kite, I will write "I Love You!"
> And send it soaring high above you, for all to read!'
>
> RIP Billy M 1957-1997
>
>


-- 
Alexandre de Abreu